In this series of articles we will present a way to configure a Linux server to work in a mixed Windows/UNIX environment in a way that will scale well.

What not to do:
Don't try to configure a system in a fastest way possible, migrations between configurations (for example: from flat files to LDAP, for both UNIX and Windows authentication) are not easy to do, are disruptive and in the end result make those 5 minutes of work you do not do now, hours later on.

Note: I'm suggesting here how to pick out and configure a Linux server for a small company, with a server that is built from scratch or updated with a new install, not all suggestions apply for every possible workloads, though they should be a good starting point in most cases

Usually will give you better throughput (only very high amounts of Input/Output operations Per Second (IOPS) are hard to achive, but if you care for IOPS, you need to look at enterprise hardware)

Allow access to SMART data for HDDs

Doesn't tie the array to a controller

Is much more flexible than even the most expensive hardware RAID controllers

Relatively fast processor

Lots of RAM (4GB as of 2010 is absolute minimum for a new build)

A gigabit ethernet NIC, plus a FastEthernet one if the server will work as a router too

Basic configuration

Some features (easy backups, migration and Windows Previous Versions on Samba shares) require LVM running on the server.

When you are installing a new OS, put it on LVM, at the very least. Even if you plan to use single partition for whole system, this way, later on, you'll be able to migrate to larger HDDs or RAID without even rebooting the system.

GRUB needs a physical partition (or a RAID1 volume) to install to, so the basic configuration needs to be something like this:

File systems

Note on overall network architecture

Server Configuration

Network access and basic services

Routing

Firewall

DHCP

DNS

(dynamic DNS)

NTP

proxy server

FreeRadius EAP-TLS

Implementation 802.1x EAP-TLS using FreeRADIUS.

One common application of client side PKI certificates is 802.1x network authentication using EAP/TLS to present the client's identity to the server. Unlike many other EAP types, EAP/TLS does not transmit a password from the supplicant to the server, which is better network security.

This page explains how to build the FreeRadius server (v1.0.4 was current at the time) and configure it to be used for 802.1x network authentication and EAP/TLS.

Install OpenSSL and Freeradius:

* $pacman -S openssl
* $pacman -S freeradius

Go to the directory /etc/raddb/certs
If you wish to production server, change the value on its files ca.cnf, server.cnf, client.cnf.